Embracing the Messiness in Search of Epic Solutions

Git LFS: “Certificate Signed by Unknown Authority” Error

Posted

in

Table of Contents

Problem

Your organization enforces zero-trust network access (ex: Zscaler or equivalent).

Based on the ZScaler’s documentation, you made a copy of the Zscaler certificate and added it to Git.

git config --global http.sslcainfo ~/ca_certs/zscaler.pem

The Git’s core commands work successfully. However, when using Git LFS to manage large binary files, it failed with the following errors.

$ git push
Uploading LFS objects:   0% (0/3), 0 B | 0 B/s, done.                                                                                
LFS: Put "https://github-cloud.s3.amazonaws.com/alambic/media/703534560/85/85/858586aa357aa9e8c78f64d76a5d6a866ff4f06160508ac5af50175b604b0c77?actor_id=6835135&key_id=0&repo_id=779032228": tls: failed to verify certificate: x509: certificate signed by unknown authority
LFS: Put "https://github-cloud.s3.amazonaws.com/alambic/media/703534560/5c/47/5c4796e25fcb54726bd605f825d3f53c0804164186ee989af5649164d5026a10?actor_id=6835135&key_id=0&repo_id=779032228": tls: failed to verify certificate: x509: certificate signed by unknown authority
LFS: Put "https://github-cloud.s3.amazonaws.com/alambic/media/703534560/9c/76/9c766b0bf3e91eed522df3c5e508ce33a6c781a4891c8395154149eb60b537e0?actor_id=6835135&key_id=0&repo_id=779032228": tls: failed to verify certificate: x509: certificate signed by unknown authority
error: failed to push some refs to 'github.com:xxxxxxx/my-repo.git' 

Solution

Instead of explicitly pointing to a ZScaler certificate, configure Git to rely on the device’s global trust store, where your security team should have already added the ZScaler certificate.

git config --global http.sslBackend openssl
git config --global --unset http.sslcainfo

Now, Git LFS commands will work successfully.

$ git push
Uploading LFS objects: 100% (3/3), 194 MB | 26 MB/s, done.
Enumerating objects: 1292, done.
Counting objects: 100% (1292/1292), done.
Delta compression using up to 11 threads
Compressing objects: 100% (1280/1280), done.
Writing objects: 100% (1280/1280), 83.42 MiB | 6.93 MiB/s, done.
Total 1280 (delta 751), reused 0 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (751/751), completed with 6 local objects.
To github.com:xxxxxxx/my-repo.git
4075ed3..ce4a0e7 main -> main
sh-3.2$ git status
On branch main
Your branch is up to date with 'origin/main'.

nothing to commit, working tree clean

Tags:

Comments

Leave a Reply